From 4c88f1acf96b714b3583d47e151323b9c47a1fe5 Mon Sep 17 00:00:00 2001
From: Kirk Mayo
Date: Thu, 19 Dec 2013 15:56:10 +1300
Subject: [PATCH] BUG: Fixes #69 by adding a check to see if the form has been processed

---
 code/model/UserDefinedForm.php | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/code/model/UserDefinedForm.php b/code/model/UserDefinedForm.php
index fc0be63..ceef9de 100755
--- a/code/model/UserDefinedForm.php
+++ b/code/model/UserDefinedForm.php
@@ -1044,6 +1044,9 @@ JS
 Session::clear("FormInfo.{$form->FormName()}.data");
 $referrer = (isset($data['Referrer'])) ? '?referrer=' . urlencode($data['Referrer']) : "";
+
+ // set a session variable from the security ID to stop people accessing the finished method directly
+ Session::set('FormProcessed',$data['SecurityID']);
 return $this->redirect($this->Link() . 'finished' . $referrer);
 }
@@ -1055,6 +1058,23 @@ JS
 * @return ViewableData
 */
 public function finished() {
+ $formProcessed = Session::get('FormProcessed');
+ if (!isset($formProcessed)) {
+ $referrer = (isset($data['Referrer'])) ? '?referrer=' .
+ urlencode($data['Referrer']) : "";
+ return $this->redirect($this->Link() . $referrer);
+ } else {
+ $securityID = Session::get('SecurityID');
+ // make sure the session matches the SecurityID and is not left over from another form
+ if ($formProcessed != $securityID) {
+ $referrer = (isset($data['Referrer'])) ? '?referrer=' .
+ urlencode($data['Referrer']) : "";
+ return $this->redirect($this->Link() . $referrer);
+ }
+ }
+ // remove the session variable as we do not want it to be re-used
+ Session::clear('FormProcessed');
+
 $referrer = isset($_GET['referrer']) ? urldecode($_GET['referrer']) : null;
 return $this->customise(array(
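Review bot: In `finished()` both redirect branches read `$data['Referrer']`, but `$data` is never assigned in this method (the only `$data` on the page is the submission array in the first hunk), so `isset()` is always false and the referrer is silently dropped on every bounce back to the form; the value this page actually carries is `$_GET['referrer']`, as the context line after the added block shows. The gate `$formProcessed != $securityID` is a loose comparison between two session values and should be `!==` so it does not depend on PHP's type juggling; both checks can then be folded into one guard, which also removes the duplicated ternary. In the first hunk `$data['SecurityID']` is read without the `isset()` guard given to `$data['Referrer']`, so a submission that arrives without that key (presumably possible when the form's security token is disabled) would store null as the marker and make `finished()` redirect unconditionally — that case should be guarded or rejected explicitly. The body of `finished()` continues past the end of the hunk.
```php
	public function finished() {
		$formProcessed = Session::get('FormProcessed');
		// Serve the page only once, for the token that process() stored in this session;
		// anything else (direct access, a stale marker from another form) goes back to the form.
		if ($formProcessed === null || $formProcessed !== Session::get('SecurityID')) {
			$referrer = isset($_GET['referrer']) ? '?referrer=' . urlencode($_GET['referrer']) : "";
			return $this->redirect($this->Link() . $referrer);
		}
		// remove the session variable as we do not want it to be re-used
		Session::clear('FormProcessed');
		// … unchanged: build $referrer from $_GET and customise the finished page …
```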